I tried to find the file in the repo today, but failed. Would it be possible for someone to post a link to download the latest file? That way i can download it and replace the version in the firewall. I really just need to get packet capture working in this firewall. Thanks.

I tried using diagnostics, edit file to change the line I noted. Didn't work. I'm sure I did it wrong.
I went ahead and shelled into a 1.2.3 nano box, mounted rw, backed up the old file, fetched the new one from Jim's site, renamed it, flagged it executable. Now packet capture works as expected. Thanks Jim.

I tried using diagnostics, edit file to change the line I noted. Didn't work. I'm sure I did it wrong.
I went ahead and shelled into a 1.2.3 nano box, mounted rw, backed up the old file, fetched the new one from Jim's site, renamed it, flagged it executable. Now packet capture works as expected. Thanks Jim.

Care to give instructions on how this is done? I'm not sure how to mount the filesystem rw to change the contents of the file.

Hi, this didn't quite work for me, but a variation of it did, so I'll post it, even though I make no claim to expertise of any kind. Thanks to those who replied above - it helped me find a "fix". I suspect it's not quite secure as it doesn't remount the volume as "ro" (read-only). I try to find a fix for that later. Any input would be appreciated.

I couldn't connect to jim's file on pingle.org - looks like the site is down maybe. However, when I did a line-by-line comparison of the file diag_packet_capture.php using pfsense's "edit file" in diagnostics (copied and pasted over to a file editor) compared to the commit file in dotdash's post, I noticed that my file contained the following (right at the end of the file):

conf_mount_ro();

include("fend.inc");

?>
which was not in the commit file. I did some google searching on conf_mount_ro() and I couldn't find it as a php function. Maybe I just didn't look correctly. I suspect it's supposed to be inside a system command like the line above it (system ("/usr/sbin/tcpdump …...etc). I did notice the conf_mount_rw(); us on top of the file, and that doesn't seem to cause a problem, so...........

Anyway, commenting out the line with //'s as follows

// conf_mount_ro();

makes the problem go away, and packet capture now works. I reversed the change to make sure that it was indeed this that was allowing it to work, and was able to confirm this.

Like I said, this is probably insecure, so I'll try playing with system ("/etc/rc.conf_mount_ro") next. If anyone knows how to make it work as a php function, please let me know. The fend.inc file does exist in the /usr/local/www directory, and leaving it alone seems to work just fine.

Of course, I'm not recommending this as a change because it's clearly taking out the command to re-convert the file to "ro", only as an indication that something might need fixing here. I do recommend that anyone wanting to try it copies a backup of the original diag_packet_capture.php to diag_packet_capture.php.old using pfsense's web interface "command" option in the Diagnostics section.

Hi, I am brand new to this forum. Have been using BSD for about 5 years and pfsense for about a year (running on an Alix). I had noticed I couldn't get anything out of the packet capture function and never really played with it until recently. I am having a flaming nasty dispute with my ISP and really needed this to work. I did a search and found the posts talking about how this was broken on embedded and suggesting replacing a file. There were also some other patches proposed. Having poked around a bit in the file system I realized that the issue was that the file is being written to /root which is normally read only on the embedded version. The patch calls the PHP function that marks the file system read/write and sets it back to read only on exit. If you stay in that page and are not attempting to capture after you leave it then maybe that will work, but here is a much more stable (and easy) to apply fix:

1. Go to Diagnostics - Edit file.
2. Enter /usr/local/www/diag_packet_capture.php
3. Scroll down to just past the copyright notice for the line $fp = "/root/"
4. Change it to $fp = "/var/"

Save the file. Your packet capture should now work fine on 1.2.3 embedded. /var is a memory disk on embedded. Your captured data will not survive a reboot. I don't personally see this as an issue.

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.